From security em unicamp.br Mon Jun 2 11:31:26 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 2 Jun 2008 11:31:26 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-150A -- Apple Updates for Multiple Vulnerabilities Message-ID: <20080602143125.GC61074@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-150A -- Apple Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Thu, 29 May 2008 16:12:25 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-150A Apple Updates for Multiple Vulnerabilities Original release date: May 29, 2008 Last revised: -- Source: US-CERT Systems Affected * Mac OS X prior to v10.5.3 * Mac OS X Server prior to v10.4.11 Overview Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service. I. Description Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3 address a number of vulnerabilities affecting Apple Mac OS X and OS X Server versions prior to and including 10.4.11 and 10.5.2. Further details are available in the US-CERT Vulnerability Notes Database. The update also addresses vulnerabilities in other vendors' products that ship with Apple OS X or OS X Server. II. Impact A remote, unauthenticated attacker may be able to execute arbitrary code. III. Solution Upgrade Install Apple Security Update 2008-003 or Apple Mac OS X version 10.5.3. These and other updates are available via Software Update or via Apple Downloads. IV. References * Securing Your Web Browser - * About the security content of Security Update 2008-003 / Mac OS X 10.5.3 - * Mac OS X: Updating your software - * US-CERT Vulnerability Notes for Apple Security Update 2008-001 - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-150A Feedback VU#566875" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Tue Jun 10 15:21:56 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Tue, 10 Jun 2008 15:21:56 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability Message-ID: <20080610182155.GA35559@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability To: technical-alerts em us-cert.gov Date: Tue, 10 Jun 2008 11:00:25 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-162A SNMPv3 Authentication Bypass Vulnerability Original release date: June 10, 2008 Last revised: -- Source: US-CERT Systems Affected * Multiple Implementations of SNMPv3 Overview A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. I. Description The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. SNMPv3 ( RFC 3410) supports a user-based security model (RFC 3414) that incorporates security features such as authentication and privacy control. Authentication for SNMPv3 is done using keyed-hash message authentication code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of one byte. Reducing the HMAC to one-byte HMAC makes brute-force authentication trivial. This issue is known to affect Net-SNMP and UCD-SNMP. Other SNMP implementations may also be affected. II. Impact This vulnerability allows attackers to read and modify any SNMP object that can be accessed using the authentication credentials that got them into the system. Attackers exploiting this vulnerability can view and modify the configuration of these devices. Attackers must gain access using credentials with write privileges in order to modify configurations. III. Solution Upgrade Please consult your vendor for more information. Apply a patch Net-SNMP has released a patch to address this issue. For more information, refer to SECURITY RELEASE: Multiple Net-SNMP Versions Released. Users are encouraged to apply the patch as soon as possible. Note that patch should apply cleanly to UCD-snmp too. Enable the SNMPv3 privacy subsystem The configuration should be modified to enable the SNMPv3 privacy subsystem to encrypt the SNMPv3 traffic using a secret, private key. This option does not encrypt the HMAC, but does minimize the possible affects from this vulnerability. IV. References * RFC 3410 - * RFC 3414 - * SECURITY RELEASE: Multiple Net-SNMP Versions Released - * US-CERT Vulnerability Note - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-162A Feedback VU#878044" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History June 10 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSE6Wv3IHljM+H4irAQI5GQgAm31aOF6lk2Gsur4fcrG5US7bIFpo8ydi 5zhopMQAabueJkHlRk8yOAHjtT/oTTIATTqhHIOStIAenR1XJ7GDA0YS2MBMu34Y 9tSH0uValQsOxAscalR9sCwPbdKQRScp+KTW9/W1qwadsqrJ2fe6J4Mh1zePWONg EPmj0ZzLDDiAA6kaBq90Pcwfl8sS8muSwatyF68CVlX2A8i87rvn/bH8efwWT0ps dDcyba7NMbVJ2TgtJ99a7cL9AwKrZZqptnc8aAqjXQwi9H9LsS/k5MMIMvffkqc3 TA3Igt9DjuCbkYvPCaTyJrNZKvFj92h9nVD7cL8f3Ofu888rakJI0A== =yTkQ -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Jun 11 09:55:38 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 11 Jun 2008 09:55:38 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities Message-ID: <20080611125531.GA38826@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 10 Jun 2008 16:02:46 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-162C Apple Quicktime Updates for Multiple Vulnerabilities Original release date: June 10, 2008 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X running versions of QuickTime prior to 7.5 * Microsoft Windows running versions of QuickTime prior to 7.5 Overview Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. I. Description Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities. Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable. II. Impact These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1991 about the security content of QuickTime 7.5 III. Solution Upgrade QuickTime Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. IV. References * About the security content of the QuickTime 7.5 Update - * How to tell if Software Update for Windows is working correctly when no updates are available - * Apple - QuickTime - Download - * Mac OS X: Updating your software - * Securing Your Web Browser - * US-CERT Vulnerability Notes for QuickTime 7.5 - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-162C Feedback VU#132419" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History June 10, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3 8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5 FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg== =e01A -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Jun 11 09:56:03 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 11 Jun 2008 09:56:03 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA08-162B -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20080611125603.GB38826@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA08-162B -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 10 Jun 2008 16:38:06 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-DDDA Microsoft Updates for Multiple Vulnerabilities Original release date: June 10, 2008 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Windows Server * Microsoft Internet Explorer Overview Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the June 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * US-CERT Vulnerability Notes for Microsoft June 2008 updates - * Microsoft Security Bulletin Summary for June 2008 - * Microsoft Update - * Windows Server Update Services - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-162B Feedback VU#926531" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History June 10, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSE7lp3IHljM+H4irAQJejQf/XAoOAqifuWYEa+ZjmJokKalvy0JXEFvh 9XYjz9xlhScFiWM302apc11b7NFjLLteS2bLtBhC3+IP4Fa9FwbuzvLDlAWbQO+K VOeWBKNzOxtR8HRDYXeenmC3tkibdLT1JWiOH3g778HcFme0RRrlAdZkMe192KZO eCKg60lH2l2ljo+nXBuuA88QP3ej5MhxAoZpkeJmGml4jXhRzliKOHyT0Xd+7C3n LtpNJEgNOlIIln5htOWiDtboMejd+SRGElCfkuCxxT9WNJxUTSCmc2wNU7rzVJa/ huqltEBnkcY3n9qrS+ys1ORBqk4/Aol+J5bfEoKq+cVi+gTDd+JA1w== =8uVN -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:33:31 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:33:31 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade na pilha Bluetooth (MS08-030) Message-ID: <20080612123331.GC38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade na pilha Bluetooth (MS08-030) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:45:43 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)", que trata de uma vulnerabilidade na pilha (stack) Bluetooth de diversas versoes do Sistema Operacional Microsoft Windows. A vulnerabilidade em questao esta' na forma como a pilha Bluetooth de alguns sistemas Microsoft Windows trata um grande numero de requisicoes do tipo "service description". Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera' obter obter controle total sobre o sistema afetado. Sistemas afetados: . Windows XP Service Pack 2 . Windows XP Service Pack 3 . Windows XP Professional x64 Edition . Windows XP Professional x64 Edition Service Pack 2 . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=980bb421-950f-4825-8039-44cc961a47b8 . Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?familyid=980bb421-950f-4825-8039-44cc961a47b8 . Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=81ab56ca-933f-4974-a393-290a54c30a78 . Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=81ab56ca-933f-4974-a393-290a54c30a78 . Windows Vista http://www.microsoft.com/downloads/details.aspx?familyid=6524debe-be50-44d1-8543-af0bfaf086ad . Windows Vista Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=6524debe-be50-44d1-8543-af0bfaf086ad . Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=6adee8b9-3455-4f3b-8bdd-2585c8ff83b8 . Windows Vista x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=6adee8b9-3455-4f3b-8bdd-2585c8ff83b8 Mais informacoes: . MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) http://www.microsoft.com/technet/security/Bulletin/MS08-030.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1453 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/lHekli63F4U8VAQFOGAP+NfK9nUXbJbjXmeb9JXa//5m5aLhVc/Zg vEUQNDB0q+G5IV99CaTeMDuMFw/rbDDhHQlvd1JwfyB0uGCfFlUH97r8Ve1i9/i3 5neKHTFLRDigGHs56UbFOcOj/Ib/UukqIC98dFsK8Bd6AP4JFqs2456Y/zSqTRky VAADpfyWOE0= =RNs6 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:34:00 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:34:00 -0300 Subject: [SECURITY-L] CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS08-031) Message-ID: <20080612123400.GD38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Correcoes de Seguranca Acumulativas para Internet Explorer (MS08-031) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:47:01 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-031 - Cumulative Security Update for Internet Explorer (950759)", que trata de duas vulnerabilidades recem identificadas no navegador Internet Explorer. As vulnerabilidades foram classificadas como criticas pela Microsoft e permitem a execucao remota de codigo caso um usuario abra uma pagina Web maliciosa com um navegador Internet Explorer afetado. Usuarios cujas contas tenham menos privilegios no sistema podem sofrer menos impacto. Sistemas afetados: . Internet Explorer 5.01 - Microsoft Windows 2000 Service Pack 4 . Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4 . Internet Explorer 6 - Windows XP Service Pack 2 - Windows XP Service Pack 3 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 com SP1 para sistemas baseados em Itanium - Windows Server 2003 com SP2 para sistemas baseados em Itanium . Internet Explorer 7 - Windows XP Service Pack 2 - Windows XP Service Pack 3 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 com SP1 para sistemas baseados em Itanium - Windows Server 2003 com SP2 para sistemas baseados em Itanium - Windows Vista - Windows Vista Service Pack 1 - Windows Vista x64 Edition - Windows Vista x64 Edition Service Pack 1 - Windows Server 2008 para sistemas 32-bit - Windows Server 2008 para sistemas x64 - Windows Server 2008 para sistemas baseados em Itanium Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Internet Explorer 5.01 - Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=88990B23-D37F-4D02-A5A3-2EE389ADE53C . Internet Explorer 6 Service Pack 1 - Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19 . Internet Explorer 6 - Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 - Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 - Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47 - Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47 - Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A - Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A - Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386 - Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386 - Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61 - Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61 . Internet Explorer 7 - Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A - Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A - Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0 - Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0 - Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1AE9AD2-8329-4C96-B950-7534B3287EAA - Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1AE9AD2-8329-4C96-B950-7534B3287EAA - Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=FB0C70B4-CE9F-43D6-875A-3CFD0D3A2681 - Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=FB0C70B4-CE9F-43D6-875A-3CFD0D3A2681 - Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=28D2913C-1C6B-4671-9892-DE08698CD5A6 - Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=28D2913C-1C6B-4671-9892-DE08698CD5A6 - Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=6D68B39D-157F-4C3D-AC76-BC5A9386DB59 - Windows Vista Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=6D68B39D-157F-4C3D-AC76-BC5A9386DB59 - Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=4CF92235-861E-4B74-BEE3-8E977C8688D9 - Windows Vista x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=4CF92235-861E-4B74-BEE3-8E977C8688D9 - Windows Server 2008 para sistemas 32-bit http://www.microsoft.com/downloads/details.aspx?FamilyId=A8922E7E-9264-4E09-B8AD-C5420FED8690 - Windows Server 2008 para sistemas x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=05B0E838-24D7-4387-B069-2604BBCC43B9 - Windows Server 2008 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=640E1865-EBCC-4D69-A770-FD360020DA1E Mais informacoes: . MS08-031 - Cumulative Security Update for Internet Explorer (950759) http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1442, CVE-2008-1544 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/laukli63F4U8VAQFmIQQApbHWr6JO7GBdOUsrbeZpKGns4kKXZv2d tSHqhhZ+59uJ7RlHlTdEgpbEIxxCaO8AbMBm2EG90z9JylvL8hOFyhTZ31J7JBIn TiFfL6hZi7TJ4uxrT9RpPebLneKcrU6gTIls340I6s5/LzFcSt9FlZLSj4nLGIpe BF1X1DDukmk= =qKBX -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:40:25 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:40:25 -0300 Subject: [SECURITY-L] CAIS-Alerta: Atualizacao de Seguranca para ActiveX (MS08-032) Message-ID: <20080612124024.GE38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Atualizacao de Seguranca para ActiveX (MS08-032) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:47:53 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)", que trata de uma atualizacao de seguranca para um controle ActiveX e aplicacao de "kill-bit" para um controle ActiveX de terceiros. Existe uma vulnerabilidade remota no componente de voz "sapi.dll", que se explorada, pode permitir ao atacante executar codigo malicioso no sistema vulneravel. Para ser explorada a vulnerabilidade e' necessario que o sistema de voz esteja habilitado. Se explorada, a vulnerabilidade permite ao atacante obter as mesmas permissoes de acesso do usuario conectado. Se este usuario tiver permissoes de administrador, o atacante podera obter o controle total sobre o sistema. A atualizacao desabilita, atraves da ativacao de um "kill-bit" (modificacao no registro), o funcionamento do controle ActiveX "BackWeb LiteInstactivator" no Internet Explorer. Este controle contem uma vulnerabilidade reportada pelo fabricante. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 . Windows XP Service Pack 2 . Windows XP Service Pack 3 . Windows XP Professional x64 Edition . Windows XP Professional x64 Edition Service Pack 2 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 com SP1 para sistemas baseados em Itanium . Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 . Windows Server 2008 para sistemas 32-bit . Windows Server 2008 para sistemas x64 . Windows Server 2008 para sistemas baseados em Itanium Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=CEDFD988-232C-4CBA-AC65-BEB54B8946E0 . Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26 . Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8957C2-E473-4DCA-8D68-19FDAEA36E26 . Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=62874096-7D17-4116-9795-4756E2FB6DAE . Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=62874096-7D17-4116-9795-4756E2FB6DAE . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=DADEAD99-09CB-4F2B-850D-E98A627CB9F8 . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=DADEAD99-09CB-4F2B-850D-E98A627CB9F8 . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=84F9B533-B0CB-46D1-B4A8-5C9469ABBD22 . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=84F9B533-B0CB-46D1-B4A8-5C9469ABBD22 . Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=AC35CE19-D761-4529-9F55-1E1B5B2447AD . Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=AC35CE19-D761-4529-9F55-1E1B5B2447AD . Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF6575E-B061-45A6-B3D8-ECB32D76B2D3 . Windows Vista Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=4AF6575E-B061-45A6-B3D8-ECB32D76B2D3 . Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=67576ACB-9CB6-4C76-9A72-DC5E5556B658 . Windows Vista x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=67576ACB-9CB6-4C76-9A72-DC5E5556B658 . Windows Server 2008 para sistemas 32-bit http://www.microsoft.com/downloads/details.aspx?FamilyId=8A507FBA-8C93-4952-91E4-98E9E7AFFBD2 . Windows Server 2008 para sistemas x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=1A11499D-A008-407F-9084-A5189FA27015 . Windows Server 2008 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=59B1689C-E723-4D87-973E-4BEAC107A6F7 Mais informacoes: . MS08-032 - Security Update of ActiveX Kill Bits (950760) http://www.microsoft.com/technet/security/Bulletin/MS08-032.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2007-0675 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/lnukli63F4U8VAQHZZgQAloyD7rw7j4Icav1IbdMHXdPBa/rZ/m/s uaeIB6j66oicQAmv50Ybc6UIhaJpEO1g/Mzm1neui70EXTdUuSiFolEE4dtlwdDO +Rk54oJrQBYls4GlmkIVlo3+eBNCqQTZisiPQlyK7mHpxTpQ0aKCxyrwyhySrNPs ZgtpJLS4p+k= =vW0u -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:40:55 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:40:55 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no DirectX (MS08-033) Message-ID: <20080612124054.GF38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no DirectX (MS08-033) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:49:49 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-033 - Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)", que trata de duas vulnerabilidades recem-descobertas no Microsoft DirectX. As vulnerabilidades de execucao remota de codigo existem devido `a maneira como o DirectX manipula arquivos em formatos suportados e devido `a maneira como o codec Windows MJPEG maniputa fluxos de dados MJPEG, em AVI ou ASF. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera obter o controle total sobre o sistema afetado. Entretanto, no caso de um usuario com poucos privilegios estar registrado no sistema no momento do ataque, o impacto podera ser menor do que caso o usuario estivesse registrado com privilegios de administrador. A Microsoft considera esta vulnerabilidade como sendo critica e recomenda que todos os usuarios apliquem as correcoes imediatamente. Sistemas afetados: . Microsoft Windows 2000 Service Pack 4 (DirectX 7.0) . Microsoft Windows 2000 Service Pack 4 (DirectX 8.1) . Microsoft Windows 2000 Service Pack 4 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows XP Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows XP Service Pack 3 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows XP Professional x64 Edition (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows XP Professional x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 Service Pack 1 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 x64 Edition (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 com SP1 para sistemas baseados em Itanium (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Server 2003 com SP2 para sistemas baseados em Itanium (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) . Windows Vista (DirectX 10.0) . Windows Vista Service Pack 1 (DirectX 10.0) . Windows Vista x64 Edition (DirectX 10.0) . Windows Vista x64 Edition Service Pack 1 (DirectX 10.0) . Windows Server 2008 para 32-bit Systems* (DirectX 10.0) . Windows Server 2008 para sistemas baseados em x64* (DirectX 10.0) . Windows Server 2008 para sistemas baseados em Itanium (DirectX 10.0) Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Service Pack 4 (DirectX 7.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=65640123-a9e4-455c-a51a-9df28bd2d412 . Microsoft Windows 2000 Service Pack 4 (DirectX 8.1) http://www.microsoft.com/downloads/details.aspx?FamilyId=c6a28d45-13cf-48c4-8f89-3417d552e90b . Microsoft Windows 2000 Service Pack 4 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=4dc47e04-5e95-4636-a814-3f912d961461 . Windows XP Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=7aaa6427-1e22-4566-960c-836a3b9e5f36 . Windows XP Service Pack 3 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=7aaa6427-1e22-4566-960c-836a3b9e5f36 . Windows XP Professional x64 Edition (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=5e8e7e9d-828d-442c-acac-8d91e80dfb36 . Windows XP Professional x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=5e8e7e9d-828d-442c-acac-8d91e80dfb36 . Windows Server 2003 Service Pack 1 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=2274ecb2-2802-47e2-84fd-6621fcb17758 . Windows Server 2003 Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=2274ecb2-2802-47e2-84fd-6621fcb17758 . Windows Server 2003 x64 Edition (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=5ba63bb7-ed6d-4c59-88b3-456eda07e190 . Windows Server 2003 x64 Edition Service Pack 2 (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=5ba63bb7-ed6d-4c59-88b3-456eda07e190 . Windows Server 2003 com SP1 para sistemas baseados em Itanium (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=be71c002-2f64-49e9-9f4b-ba99c4f3caf6 . Windows Server 2003 com SP2 para sistemas baseados em Itanium (DirectX 9.0, DirectX 9.0b ou DirectX 9.0c) http://www.microsoft.com/downloads/details.aspx?FamilyId=be71c002-2f64-49e9-9f4b-ba99c4f3caf6 . Windows Vista (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=4d4b305b-57f8-448d-92fa-3dcdd1f42ed7 . Windows Vista Service Pack 1 (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=4d4b305b-57f8-448d-92fa-3dcdd1f42ed7 . Windows Vista x64 Edition (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=b040cfad-2290-44f4-8f5a-5d1ed98a7265 . Windows Vista x64 Edition Service Pack 1 (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=b040cfad-2290-44f4-8f5a-5d1ed98a7265 . Windows Server 2008 para 32-bit Systems* (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=c0c495f8-2a35-4638-a635-1e55dd15e062 . Windows Server 2008 para sistemas baseados em x64* (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=0b70fc2e-4e80-4ae8-8682-41ea04c24e4e . Windows Server 2008 para sistemas baseados em Itanium (DirectX 10.0) http://www.microsoft.com/downloads/details.aspx?FamilyId=80ec83e0-cfb8-4a5e-9254-6679a7225b83 * Versoes do Windows Server 2008 nao estao afetadas se instaladas utilizand-se a opcao de instalacao "Server Core". Para mais informacoes, consulte o alerta original da Microsoft (Mais informacoes). Mais informacoes: . MS08-033 - Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-0011, CVE-2008-1444 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/mEukli63F4U8VAQEOBAQAvX9DUrSVWOTSIrKkAWF4q87rY6ELue61 9YNPpj/QgHnEjsBiLhAFpX9OBIFLa9lgfQaWgrGUEf0vVjgIqr2o03vAp215eCj4 EWjW4wyZDVkKlZc5bg8PZuXIQO+WBJQNknoP9psDWHYJPfjAUeUfelkAfAH1MVcW QygN5LrkxbA= =zdb7 -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:41:23 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:41:23 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows Internet Name Service - WINS (MS08-034) Message-ID: <20080612124122.GG38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Windows Internet Name Service - WINS (MS08-034) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:51:47 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-034 - Important Vulnerability in WINS Could Allow Elevation of Privilege (948745)", que trata de uma vulnerabilidade recem-descoberta no Windows Internet Name Service (WINS). Uma vulnerabilidade de elevacao de privilegios existe devido `a maneira impropria como o Windows Internet Name Service valida estruturas de dados dentro de pacotes de rede WINS especialmente criados. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera obter o controle total sobre o sistema afetado. O Windows Internet Name Service (WINS) e' um servico que traduz nomes em NetBIOS para enderecos TCP/IP. Sistemas afetados: . Microsoft Windows 2000 Server Service Pack 4 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 com SP1 para sistemas baseados em Itanium . Windows Server 2003 com SP2 para sistemas baseados em Itanium Sistemas nao afetados: . Microsoft Windows 2000 Professional Service Pack 4 . Windows XP Service Pack 2 . Windows XP Service Pack 3 . Windows XP Professional x64 Edition . Windows XP Professional x64 Edition Service Pack 2 . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 . Windows Server 2008 para sistemas 32-bit . Windows Server 2008 para sistemas baseados em x64 . Windows Server 2008 para sistemas baseados em Itanium Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?familyid=aa8aa79f-c2cc-440c-9e5c-089143e6f814 . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=08fc90d5-23aa-4327-8aef-16bc5170769d . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=08fc90d5-23aa-4327-8aef-16bc5170769d . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=71675ae8-d60a-4834-b358-2d8e761e62fc . Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=87affdc9-d9fe-413c-af30-f3d3b671ec72 . Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=87affdc9-d9fe-413c-af30-f3d3b671ec72 Mais informacoes: . MS08-034 - Important Vulnerability in WINS Could Allow Elevation of Privilege (948745) http://www.microsoft.com/technet/security/Bulletin/MS08-034.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1451 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/miOkli63F4U8VAQExZQQAwnBVVTC/4U+JP2vkZpciuqOki8sNGPHV aokCsasi8GWBLKrLxmyvk2RYQ+hz767EebfKE1/iDQd0gsUALSitXWNXAvWGUMND yahPbfQ58TFsA17+ZS0lQlflJ3KIBV+ngxPrIFHNBGCB8nzHq+t4JDHwiNOVO+oB IIr8lz75px8= =U1FB -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:41:55 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:41:55 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade no Microsoft Active Directory (MS08-035) Message-ID: <20080612124153.GH38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade no Microsoft Active Directory (MS08-035) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:53:11 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-035 - Important Vulnerability in Active Directory Could Allow Denial of Service (953235)", que trata de uma vulnerabilidade recem-descoberta no Active Directory. Uma vulnerabilidade de Negacao de Servico (DoS) existe no Active Directory devido `a validacao insuficiente de solicitacoes LDAP especialmente criadas. Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele podera fazer fazer o computador parar de responder e reiniciar automaticamente. Sistemas afetados: . Microsoft Windows 2000 Server Service Pack 4 . Windows XP Professional Service Pack 2 . Windows XP Professional Service Pack 3 . Windows XP Professional x64 Edition . Windows XP Professional x64 Edition Service Pack 2 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 com SP1 para sistemas baseados em Itanium . Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Server 2008 para sistemas 32-bit* . Windows Server 2008 para sistemas 32-bit* . Windows Server 2008 para sistemas baseados em x64* . Windows Server 2008 para sistemas baseados em x64* * Para as versoes do Windows Server 2008, as taxas de severidade do alerta original da Microsoft se aplicam sendo o sistema instalado ou nao com a opcao "Server Core". Para mais informacoes, consulte o alerta original (Mais informacoes). Sistemas nao afetados: . Windows 2000 Professional Service Pack 4 . Windows XP Home Service Pack 2 . Windows XP Tablet Edition Service Pack 2 . Windows XP Media Center Edition Service Pack 2 . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 . Windows Server 2008 para sistemas baseados em Itanium Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyID=53438880-9ea9-4975-9b85-2a1d3d232793 . Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=7d6aec31-cfb4-470c-983e-78c6a3ebabfe . Windows XP Professional Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyID=7d6aec31-cfb4-470c-983e-78c6a3ebabfe . Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyID=ef2e0b48-1bde-4ccc-8f40-2918c2568b2b . Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=ef2e0b48-1bde-4ccc-8f40-2918c2568b2b . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyID=a4aed117-3c76-4d80-b50e-8e07e2ef2f7d . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=a4aed117-3c76-4d80-b50e-8e07e2ef2f7d . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyID=0a983ffb-4f5a-4b78-9bf5-813dcc5df8d3 . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=0a983ffb-4f5a-4b78-9bf5-813dcc5df8d3 . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyID=8298a6e4-d3e2-48ea-ac29-aa4dc5a8ec77 . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=8298a6e4-d3e2-48ea-ac29-aa4dc5a8ec77 . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyID=334252db-4a7a-4161-bb71-2a20c0b5bd93 . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyID=334252db-4a7a-4161-bb71-2a20c0b5bd93 . Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyID=f6bf4b85-b91d-4378-a356-cd11f12cbbfd . Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?FamilyID=f6bf4b85-b91d-4378-a356-cd11f12cbbfd . Windows Server 2008 para sistemas 32-bit* http://www.microsoft.com/downloads/details.aspx?FamilyID=2981156e-2e2f-469e-91be-da127d50f3fc . Windows Server 2008 para sistemas 32-bit* http://www.microsoft.com/downloads/details.aspx?FamilyID=2981156e-2e2f-469e-91be-da127d50f3fc . Windows Server 2008 para sistemas baseados em x64* http://www.microsoft.com/downloads/details.aspx?FamilyID=b5cfe6f4-c5ba-4be9-a6b8-9381c40c85aa . Windows Server 2008 para sistemas baseados em x64* http://www.microsoft.com/downloads/details.aspx?FamilyID=b5cfe6f4-c5ba-4be9-a6b8-9381c40c85aa Mais informacoes: . MS08-035 - Important Vulnerability in Active Directory Could Allow Denial of Service (953235) http://www.microsoft.com/technet/security/Bulletin/MS08-035.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1445 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/m2ukli63F4U8VAQFwWwP/T7YuLwlsc+DqAdA/qdNvNTX4zdsZxGOz 72hI/RYAppJfAfD+6dod33jTzF9W+xvkzW3TlE6r3O437AfE8OjyqswU021SmbRH 5cxuuR3TwOxh17MqDe4vjuri5owyXXZr0LDQcp+FEGomdL4fjken6l+A2GcLVrou Kax2sGsCpsA= =iJb+ -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:42:57 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:42:57 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft PGM (MS08-036) Message-ID: <20080612124257.GI38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidades no Microsoft PGM (MS08-036) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:54:48 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)", que trata de duas vulnerabilidades reportadas no protocolo Pragmatic General Multicast (PGM). O PGM e' um protocolo multicast escalavel, que permite ao receptor dos pacotes controlar a confiabilidade da comunicacao. As vulnerabilidades reportadas afetam o modo como o protocolo valida pacotes especialmente criados e processa pacotes fragmentados. Ambas vulnerabilidades fazem com que o computador atacado pare de responder e precise ser reiniciado. Sistemas afetados: . Windows XP Service Pack 2 . Windows XP Service Pack 3 . Windows XP Professional x64 Edition . Windows XP Professional x64 Edition Service Pack 2 . Windows Server 2003 Service Pack 1 . Windows Server 2003 Service Pack 2 . Windows Server 2003 x64 Edition . Windows Server 2003 x64 Edition Service Pack 2 . Windows Server 2003 com SP1 para sistemas baseados em Itanium . Windows Server 2003 com SP2 para sistemas baseados em Itanium . Windows Vista . Windows Vista Service Pack 1 . Windows Vista x64 Edition . Windows Vista x64 Edition Service Pack 1 . Windows Server 2008 para sistemas 32 bits . Windows Server 2008 para sistemas 64 bits . Windows Server 2008 para sistemas baseados em Itanium Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em : . Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf . Windows XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf . Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1 . Windows XP Professional x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1 . Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a . Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a . Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582 . Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582 . Windows Server 2003 com SP1 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113 . Windows Server 2003 com SP2 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113 . Windows Vista http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205 . Windows Vista Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205 . Windows Vista x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700 . Windows Vista x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700 . Windows Server 2008 para sistemas 32 bits http://www.microsoft.com/downloads/details.aspx?familyid=0466a6e7-fdca-4647-af62-449e5f20d1e4 . Windows Server 2008 para sistemas 64 bits http://www.microsoft.com/downloads/details.aspx?familyid=304898e6-21a7-476f-b9ed-7ac0d88a91e2 . Windows Server 2008 para sistemas baseados em Itanium http://www.microsoft.com/downloads/details.aspx?familyid=8907783b-e3fe-40b2-9fc8-4937e7d58b7e Mais informacoes: . MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx . SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview http://isc.sans.org/diary.html?storyid=4552 . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1440, CVE-2008-1441 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/nPOkli63F4U8VAQHO8wQAtdJP1VCLUMYKH8XaQo0qX70uZoXNznZ2 JNazEckqDBgXCCyCXvV9iYLTT0/QAhvbaFMEKJCocIP1JAttJl29kY5rwd275oTr G/rRceWgxOUNLqJo4uzPhOv55qEDckpHLwB8XxiQmE2EB6/P3BqU9ppjzX7luTc7 BWHhOF1d+dk= =3vld -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 09:43:33 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 09:43:33 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidade em implementacoes do protocolo SNMPv3 (US-CERT VU#878044) Message-ID: <20080612124332.GJ38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidade em implementacoes do protocolo SNMPv3 (US-CERT VU#878044) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 11 Jun 2008 11:55:53 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do US-CERT, intitulado "US-CERT Vulnerability Note VU#878044 - SNMPv3 improper HMAC validation allows authentication bypass", que trata de uma vulnerabilidade presente no processo de autenticacao do SNMPv3. SNMPv3 e' a atual versao do protocolo Simple Network Management Protocol (SNMP), um protocolo de monitoracao muito utilizado na administracao de dispositivos de rede. A vulnerabilidade em questao esta' na autenticacao de algumas implementacoes de SNMPv3, que utiliza keyed-Hash Message Authentication Code (HMAC) de forma incompleta, ou seja, verifica apenas o primeiro byte. Esta falha na autenticacao permite que o atacante tenha uma chance em 256 de acertar este primeiro caractere do HMAC correto, ou seja, uma probabilidade de autenticacao com sucesso muito maior. Esta vulnerabilidade permite que um atacante leia e modifique qualquer objeto SNMP que possa ser acessado, podendo permitir a visualizacao e alteracao da configuracao destes dispositivos de rede. O atacante precisa conhecer o nome de um usuario valido para ter sucesso neste ataque. Sistemas afetados: . Cisco - Cisco IOS - Cisco IOS-XR - Cisco Catalyst Operating System (CatOS) - Cisco NX-OS - Cisco Application Control Engine (ACE) Module - Cisco ACE Appliance - Cisco ACE XML Gateway - Cisco MDS 9000 Series Multilayer Fabric Switches . eCos . Juniper Networks, Inc. . Net-SNMP . Network Appliance, Inc. . Red Hat, Inc. . SNMP Research . Sun Microsystems, Inc. . UCD-SNMP Esta e' a lista das implementacoes de SNMPv3 afetadas, de acordo com as informacoes levantadas no momento da elaboracao desde alerta do CAIS. Para uma lista atualizada de sistemas afetados por favor consulte o alerta original do US-CERT (VU#878044). Se por algum motivo nao for possivel a atualizacao em seu ambiente por favor consulte as medidas paliativas que o fornecedor recomenda. Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis no site oficial dos fornecedores. Mais informacoes: . US-CERT VU#878044 - SNMPv3 improper HMAC validation allows authentication bypass http://www.kb.cert.org/vuls/id/878044 . oCERT Advisory #2008-006 - multiple SNMP implementations HMAC authentication spoofing http://www.ocert.org/advisories/ocert-2008-006.html . Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml . SANS ISC Handler's Diary 2008-06-10: SMNP v3 trouble http://isc.sans.org/diary.html?storyid=4553 Identificador CVE (http://cve.mitre.org): CVE-2008-0960 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSE/nf+kli63F4U8VAQHfqAP/ZN/SQhehneCyOAl91lCfSBmXu8tSWG6u nwHvke08tXQ1qmVIL8Qh0bDljctFU46aFvvzJIFTLtmEoxCt+0Y2BBw7pr/R+m53 bwlj9p8mnK8HqlS/pp/49+gE8Z9wZyza75wYf6wOHBEcknjKGRSYGca+ZLEILRB1 r+u0AePcpvk= =TC+h -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Jun 12 10:12:33 2008 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 12 Jun 2008 10:12:33 -0300 Subject: [SECURITY-L] CAIS-Alerta: Vulnerabilidades no Apple QuickTime (US-CERT TA08-162C) Message-ID: <20080612131232.GK38826@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Vulnerabilidades no Apple QuickTime (US-CERT TA08-162C) To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Thu, 12 Jun 2008 08:51:54 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, O CAIS esta' repassando o alerta do US-CERT, intitulado "Technical Cyber Security Alert TA08-162C - Apple QuickTime Updates for Multiple Vulnerabilities", que trata de cinco vulnerabilidades identificadas no tocador multimidia Apple QuickTime. A versao 7.5 do Apple QuickTime resolve diversas vulnerabilidades encontradas em versoes anteriores do aplicativo, capazes de permitir a execucao de codigo malicioso arbitrario no sistema afetado. Estas vulnerabilidades podem ser exploradas atraves da execucao de arquivos maliciosos em um sistema com uma versao vulneravel do QuickTime. Uma vez que o QuickTime e' uma aplicacao integrada a diversos navegadores, a facilidade de exploracao destas vulnerabilidades torna-se bastante ampla. Sistemas afetados: . Apple QuickTime anterior a 7.5 em sistemas Apple Mac OS X . Apple QuickTime anterior a 7.5 em sistemas Microsoft Windows Correcoes disponiveis: Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Apple QuickTime em sistemas Mac OS X Leopard http://www.apple.com/support/downloads/quicktime75forleopard.html . Apple QuickTime em sistemas Mac OS X Tiger http://www.apple.com/support/downloads/quicktime75fortiger.html . Apple QuickTime em sistemas Mac OS X Panther http://www.apple.com/support/downloads/quicktime74forpanther.html . Apple QuickTime em sistemas Microsoft Windows http://www.apple.com/quicktime/download/ Mais informacoes: . TA08-162C - Apple QuickTime Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA08-162C.html . About the security content of QuickTime 7.5 http://support.apple.com/kb/HT1991 . SA29293 - Apple QuickTime Multiple Vulnerabilities http://secunia.com/advisories/29293/ . SANS ISC Handler's Diary 2008-06-10: Upgrade to QuickTime 7.5 http://isc.sans.org/diary.html?storyid=4547 Identificador CVE (http://cve.mitre.org): CVE-2008-1581, CVE-2008-1582 CVE-2008-1583, CVE-2008-1584 CVE-2008-1585 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSFEN6ekli63F4U8VAQGkGAP/QVQc8BMIxKQzhzUHNvcE+ZiSiUsyq115 ltXy4I/00lDt/gQKwuR9x8njW/tR3ioT2hNxY5yA33sB4P0xzkA5HwFWpEKiABXf Q70fuLFiC8lqYL7kFwyVIt1x/u8hAg+Los90ofIhwxakvvdaf9Z4ainhvB+3sBkF E0RGsB5TQCY= =Nb/G -----END PGP SIGNATURE----- ----- End forwarded message -----